Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

stSync stable #27

Closed
wants to merge 17 commits into from
Closed

stSync stable #27

wants to merge 17 commits into from

Conversation

spolti
Copy link
Member

@spolti spolti commented Jan 10, 2024

Description

How Has This Been Tested?

Merge criteria:

  • The commits are squashed in a cohesive manner and have meaningful messages.
  • Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
  • The developer has manually tested the changes and verified that the changes work

spolti and others added 16 commits October 19, 2023 14:52
@spolti
[RHODS-12555] - CVE-2023-44487
35dcc34 
Plus:

Fixes lint issues:

- Can't run linter goanalysis_metalinter: goanalysis_metalinter: buildir: package "netip" (isInitialPkg: false, needAnalyzeSource: true): in net/netip.AddrFromSlice: cannot convert Load <[]byte> t0 ([]byte) to [4]byte

Warnings:

WARN [runner] The linter 'structcheck' is deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter.  Replaced by unused.
WARN [runner] The linter 'deadcode' is deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter.  Replaced by unused.
WARN [runner] The linter 'varcheck' is deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter.  Replaced by unused.

Signed-off-by: Spolti <fspolti@redhat.com>
@openshift-ci
Merge pull request opendatahub-io#20 from spolti/RHODS-12555
4c5fb80 
[RHODS-12555] - CVE-2023-44487
@rafvasq @spolti
fix: Specify Python 3.8 in Dockerfile (opendatahub-io#34)
7d17855 
Specify and link python38 to fix build/test failures due to
the wrong Python version (3.6) being used from base image.

---------

Signed-off-by: Rafael Vasquez <raf.vasquez@ibm.com>
@openshift-merge-bot
Merge pull request opendatahub-io#25 from spolti/fixCi
b30e426 
fix: Specify Python 3.8 in Dockerfile (opendatahub-io#34)
@spolti
Fix github.com/elazarl/goproxy Denial of Service
e499d5d 
Signed-off-by: Spolti <fspolti@redhat.com>
@openshift-merge-bot
Merge pull request opendatahub-io#24 from spolti/goproxy
09e54c6 
Fix github.com/elazarl/goproxy Denial of Service
@spolti
[RHODS-12555] - CVE-2023-44487
918f79c 
Plus:

Fixes lint issues:

- Can't run linter goanalysis_metalinter: goanalysis_metalinter: buildir: package "netip" (isInitialPkg: false, needAnalyzeSource: true): in net/netip.AddrFromSlice: cannot convert Load <[]byte> t0 ([]byte) to [4]byte

Warnings:

WARN [runner] The linter 'structcheck' is deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter.  Replaced by unused.
WARN [runner] The linter 'deadcode' is deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter.  Replaced by unused.
WARN [runner] The linter 'varcheck' is deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter.  Replaced by unused.

Signed-off-by: Spolti <fspolti@redhat.com>
@rafvasq @spolti
fix: Specify Python 3.8 in Dockerfile (opendatahub-io#34)
da70aa6 
Specify and link python38 to fix build/test failures due to
the wrong Python version (3.6) being used from base image.

---------

Signed-off-by: Rafael Vasquez <raf.vasquez@ibm.com>
Signed-off-by: Spolti <fspolti@redhat.com>
@spolti
Fix github.com/elazarl/goproxy Denial of Service
a485071 
Signed-off-by: Spolti <fspolti@redhat.com>
@ckadner @spolti
chore: Add CodeQL configuration (opendatahub-io#29)
c750c98 
Add configuration file for CodeQL vulnerability scanning.

Signed-off-by: Christian Kadner <ckadner@us.ibm.com>
Signed-off-by: Spolti <fspolti@redhat.com>
@spolti
chore(deps): Upgrade golang.org/x/net and golang.org/grpc (opendatahu…
11c52d0 
…b-io#30)

Issues addressed:
- https://github.com/kserve/rest-proxy/security/dependabot/1
- https://github.com/kserve/rest-proxy/security/dependabot/2
- https://github.com/kserve/rest-proxy/security/dependabot/3
- https://github.com/kserve/rest-proxy/security/dependabot/4
- https://github.com/kserve/rest-proxy/security/dependabot/5
- https://www.cve.org/CVERecord?id=CVE-2023-37788

---------

Signed-off-by: Spolti <fspolti@redhat.com>
@spolti
chore: Upgrade Golang version from 1.18 to 1.19 (opendatahub-io#28)
2884d60 
- Remove the linters for "deadcode", "structcheck", "varcheck"
- Use "os" packages instead of deprecated "io/ioutil" (SA1019)
- Capture pre-commit output in a local log file

---------

Signed-off-by: Spolti <fspolti@redhat.com>
@spolti
chore: Upgrade google.golang.org/protobuf
bd494fe 
chore: Fixes google.golang.org/protobuf Stack-based Buffer Overflow

https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGPROTOBUFENCODINGPROTOJSON-6137908

Signed-off-by: Spolti <fspolti@redhat.com>
@spolti
chore: Upgrade golang.org/x/crypto (opendatahub-io#36)
51ba6d1 
chore:	address the following CVE:
- [CVE-2023-48795](https://www.cve.org/CVERecord?id=CVE-2023-48795):
golang.org/x/crypto Authentication Bypass by Capture-replay

---------

Signed-off-by: Spolti <fspolti@redhat.com>
@spolti
Merge branch 'main' into sync
6d147f8 
Signed-off-by: Filippe Spolti <filippespolti@gmail.com>
@openshift-merge-bot
Merge pull request opendatahub-io#26 from spolti/sync
b8ecd15 
sync kserve/rest-proxy with odh/rest-proxy
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Jan 10, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: spolti

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@spolti spolti requested review from Jooho and israel-hdez and removed request for Xaenalt and VedantMahabaleshwarkar January 10, 2024 21:11
@spolti
Merge branch 'release-0.11.1' into sync-stable
ff6afff 
Signed-off-by: Filippe Spolti <filippespolti@gmail.com>
@spolti
Copy link
Member Author

spolti commented Jan 10, 2024

/close

@openshift-ci openshift-ci bot closed this Jan 10, 2024
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Jan 10, 2024

@spolti: Closed this PR.

In response to this:

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

israel-hdez pushed a commit to israel-hdez/kserve-rest-proxy that referenced this pull request Mar 20, 2024
@ckadner
chore: Add code generation to Makefile (opendatahub-io#27)
68c135f 
* Pre-install grpc-gateway plugin in developer Docker image
* Add `generate` make target to run protoc and download required .proto files
* Add developer instructions to README.md

---------

Signed-off-by: Christian Kadner <ckadner@us.ibm.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Jooho Jooho Awaiting requested review from Jooho

@israel-hdez israel-hdez Awaiting requested review from israel-hdez

Assignees
No one assigned
Labels
approved
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@spolti @openshift-merge-robot @rafvasq @ckadner